Chalk up a sharp political point in support for privacy legislation with actual teeth: In today’s testimony in front of the House Energy & Commerce committee, Facebook CEO Mark Zuckerberg was asked about the outcomes of a string of legal actions against the company — most of which he claimed not be aware of. One which he at last said he could remember was Facebook’s 2011 FTC consent decree — when the company settled over deceptive privacy practices by agreeing to make product changes opt-in and pledging to gain express consent from users to any changes going forward. As part of that decree it also agreed to submit to privacy audits every two years for the next 20 years; bar access to content on deactivated accounts; and avoid misrepresenting the privacy or security of user data. But congresswoman Diana DeGette pressed the Facebook CEO on whether the company paid a financial penalty as a result of the FTC action. A confused looking Zuckerberg finally replied: “I don’t remember if we had a financial penalty.” “You’re the CEO of the company, you entered into a consent decree and you don’t remember if you had a financial penalty,” she responded, tone set to sarcastic incredulity. “I remember the consent decree,” said Zuckerberg hastily. “The consent decree is extremely important to how we operate the company.” “Yes I would think a financial penalty would be too,” interjected DeGette, leaving her point hanging in Zuckerberg’s silence. “The reason you probably don’t remember it is because the FTC doesn’t have the authority to issue financial penalties for first time violations,” she picked up. “The reason I’m asking these questions, sir, is because we continue to have these abuses and these data breaches but at the same time it doesn’t seem like future activities are prevented. So I think one of the things that we need to look at in the future… is putting really robust penalties in place — in case of improper actions.” A little later in the session, congressman Mike Doyle also raised the 20-year FTC consent decree, listing several of the practices it had deemed “unfair and deceptive” — namely: Facebook making users private information public “without sufficient notice or consent”; claiming to certify the security and integrity of certain apps “when in fact it did not”; and enabling developers to access “excessive information about a user and their friends”. When he asked Zuckerberg whether the list was…

Source: TechCrunch – Social Zuckerberg makes case for privacy regs with teeth — by failing to remember non-existent FTC fine